Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· A Canadian
National Railway Co., train struck another freight train in Slinger, Wisconsin,
July 20 derailing 3 engines and 10 railcars and spilling about 5,000 gallons of
diesel fuel, leading to the evacuation of around 100 nearby residents. – Associated
Press

7.
July 21, Associated Press –
(Wisconsin) Wisconsin train crash injures 2 people, spills oil. A
Canadian National Railway Co., train struck another freight train in Slinger,
Wisconsin, July 20 derailing 3 engines and 10 railcars and spilling about 5,000
gallons of diesel fuel. Two crew members were injured and around 100 residents
were evacuated for 5 hours as a precaution. Source: http://news.msn.com/us/wisconsin-train-crash-injures-2-people-spills-oil

· At least one person
died and hundreds of homes were destroyed in 114 separate wildfires in several
counties across eastern Washington that burned hundreds of thousands of acres.
– Wall Street Journal

18.
July 20, Wall Street Journal –
(National) Washington state wildfires kill one, displace hundreds. At
least one person died and hundreds of homes were destroyed in 114 separate
wildfires in several counties across eastern Washington that burned hundreds of
thousands of acres. Fire crews worked over the weekend of July 19 to contain
the fires while hundreds of residents were evacuated. Source: http://online.wsj.com/articles/washington-state-wildfire-grows-1405874057

· The sheetrock
ceiling of one of five housing units at the Diboll Correction Center in Lufkin,
Texas, collapsed July 19, leaving 19 inmates injured. – CNN

21.
July 20, CNN – (Texas) 19 injured
when Texas prison roof collapses. The sheetrock ceiling of one of five
housing units at the Diboll Correction Center in Lufkin, Texas, collapsed July
19, leaving 19 inmates injured. Authorities are investigating the cause of the
roof collapse. Source: http://www.cnn.com/2014/07/19/us/prison-roof-collapse/index.html

· The Industrial
Control Systems Cyber Emergency Response Team (ICS-CERT) stated July 17 that
six Siemens industrial control products used in several industries contained
vulnerabilities in their OpenSSL implementation, with four products currently
unpatched. – Help Net SecuritySee item 23 below in the Information
Technology Sector

Financial Services Sector

5. July
21, The Register – (International) Secondhand Point-o-Sale
terminal was horrific security midden. A researcher with HP found that a
second-hand Aloha point-of-sale (PoS) terminal purchased from eBay still held a
database of employee names, Social Security numbers, and addresses, as well as
default passwords that could be used by an attacker if the previous owners did
not change passwords in new equipment. Source: http://www.theregister.co.uk/2014/07/21/ebayed_point_of_sale_terminal_leak_peril/

For another story, see item 25 below
in the Information Technology Sector

Information Technology Sector

23. July 21, Help Net Security – (International) Unpatched OpenSSL holes found on
Siemens ICSs. The Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT) stated July 17 that six Siemens industrial control products
contained vulnerabilities in their OpenSSL implementation that could lead to
man-in-the-middle (MitM) attacks or the crashing of Web servers. Four of the
vulnerabilities remain unpatched and are present in industrial control products
used by the manufacturing, chemical, energy, agriculture, and water industries
and utilities. Source: http://www.net-security.org/secworld.php?id=17146

24. July 19, Softpedia – (International) Kelihos trojan delivered through
Askmen.com. Researchers with Malwarebytes reported that the online
publication Askmen.com was compromised by attackers and used to redirect users
to a malicious page serving the Nuclear Pack exploit kit for the purpose of
infecting users with the Kelihos malware. The compromise was achieved by injecting
malicious code into the Askmen.com server, and the site’s administrators were
notified. Source: http://news.softpedia.com/news/Kelihos-Trojan-Delivered-Through-Askmen-com-451345.shtml

25. July 18, Help Net Security – (International) Fake Flash Player steals credit card
information. Dr. Web researchers reported finding a new piece of Android
malware dubbed BankBot that is disguised as Adobe Flash Player and persistently
asks users for administrator privileges in order to display a fake credit card
information form and steal any entered information. The malware is currently
targeting users in Russia but can be repurposed to attack other targets.
Source: http://www.net-security.org/malware_news.php?id=2812

26. July 18, Securityweek – (International) Researchers analyze multipurpose
malware targeting Linux/Unix Web servers. Virus Bulletin published an
analysis of a recently discovered piece of malware that infects Linux and Unix
Web servers known as Mayhem, which has infected around 1,400 servers. The malware
relies on several plugins for various capabilities, including information
stealing and brute-force attacks. Source: http://www.securityweek.com/researchers-analyze-multipurpose-malware-targeting-linuxunix-web-servers

28. July 18, Threatpost – (International) Critroni crypto ransomware seen using
TOR for command and control. Security researchers found that a new piece of
ransomware known as Critroni has been spotted in use by various attackers using
the Angler exploit kit to infect users with it and other malware. The
ransomware encrypts victims’ files and demands a ransom, and uses the TOR
network to contact its command and control servers. Source: http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command-and-control/107306

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"